Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-06-16FireEyeTyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson
@online{mclellan:20210616:smoking:fa6559d, author = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson}, title = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}}, date = {2021-06-16}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html}, language = {English}, urldate = {2021-06-21} } Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike FiveHands
2021-05-27FireEyeDan Perez, Sarah Jones, Greg Wood, Stephen Eckels, Emiel Haeghebaert
@online{perez:20210527:rechecking:cd4a304, author = {Dan Perez and Sarah Jones and Greg Wood and Stephen Eckels and Emiel Haeghebaert}, title = {{Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices}}, date = {2021-05-27}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices.html}, language = {English}, urldate = {2021-06-09} } Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
2021-05-25FireEyeKeith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker
@online{lunden:20210525:crimes:6597645, author = {Keith Lunden and Daniel Kapellmann Zafra and Nathan Brubaker}, title = {{Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises}}, date = {2021-05-25}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html}, language = {English}, urldate = {2021-06-16} } Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
2021-05-11FireEyeJordan Nuce, Jeremy Kennelly, Kimberly Goody, Andrew Moore, Alyssa Rahman, Brendan McKeague, Jared Wilson
@online{nuce:20210511:shining:339d137, author = {Jordan Nuce and Jeremy Kennelly and Kimberly Goody and Andrew Moore and Alyssa Rahman and Brendan McKeague and Jared Wilson}, title = {{Shining a Light on DARKSIDE Ransomware Operations}}, date = {2021-05-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html}, language = {English}, urldate = {2021-05-13} } Shining a Light on DARKSIDE Ransomware Operations
Cobalt Strike DarkSide
2021-05-04FireEyeNick Richard, Dimiter Andonov
@online{richard:20210504:unc2529:4213d1c, author = {Nick Richard and Dimiter Andonov}, title = {{The UNC2529 Triple Double: A Trifecta Phishing Campaign}}, date = {2021-05-04}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/unc2529-triple-double-trifecta-phishing-campaign.html}, language = {English}, urldate = {2021-05-19} } The UNC2529 Triple Double: A Trifecta Phishing Campaign
DOUBLEBACK
2021-04-29FireEyeTyler McLellan, Justin Moore, Raymond Leong
@online{mclellan:20210429:unc2447:2ad0d96, author = {Tyler McLellan and Justin Moore and Raymond Leong}, title = {{UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat}}, date = {2021-04-29}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html}, language = {English}, urldate = {2021-05-03} } UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
FiveHands
2021-04-28FireEyeLee Foster, David Mainor, Ben Read, Sam Riddell, Gabby Roncone, Lindsay Smith, Alden Wahlstrom
@online{foster:20210428:ghostwriter:3455770, author = {Lee Foster and David Mainor and Ben Read and Sam Riddell and Gabby Roncone and Lindsay Smith and Alden Wahlstrom}, title = {{Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity}}, date = {2021-04-28}, organization = {FireEye}, url = {https://content.fireeye.com/web-assets/rpt-unc1151-ghostwriter-update}, language = {English}, urldate = {2021-05-03} } Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
2021-04-27FireEyeDoug Bienstock
@online{bienstock:20210427:abusing:60f23c5, author = {Doug Bienstock}, title = {{Abusing Replication: Stealing AD FS Secrets Over the Network}}, date = {2021-04-27}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/abusing-replication-stealing-adfs-secrets-over-the-network.html}, language = {English}, urldate = {2021-04-29} } Abusing Replication: Stealing AD FS Secrets Over the Network
2021-04-20FireEyeJosh Fleischer, Chris DiGiamo, Alex Pennino
@online{fleischer:20210420:zeroday:0641c6a, author = {Josh Fleischer and Chris DiGiamo and Alex Pennino}, title = {{Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise}}, date = {2021-04-20}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/zero-day-exploits-in-sonicwall-email-security-lead-to-compromise.html}, language = {English}, urldate = {2021-04-28} } Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
2021-04-20FireEyeDan Perez, Sarah Jones, Greg Wood, Stephen Eckels, Stroz Friedberg, Joshua Villanueva, Regina Elwell, Jonathan Lepore, Dimiter Andonov, Josh Triplett, Jacob Thompson
@online{perez:20210420:check:986d162, author = {Dan Perez and Sarah Jones and Greg Wood and Stephen Eckels and Stroz Friedberg and Joshua Villanueva and Regina Elwell and Jonathan Lepore and Dimiter Andonov and Josh Triplett and Jacob Thompson}, title = {{Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day}}, date = {2021-04-20}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html}, language = {English}, urldate = {2021-04-21} } Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
2021-04-20Github (fireeye)FireEye, Mandiant
@online{fireeye:20210420:fireeye:287db5f, author = {FireEye and Mandiant}, title = {{FireEye Mandiant PulseSecure Exploitation Countermeasures}}, date = {2021-04-20}, organization = {Github (fireeye)}, url = {https://github.com/fireeye/pulsesecure_exploitation_countermeasures/}, language = {English}, urldate = {2021-04-20} } FireEye Mandiant PulseSecure Exploitation Countermeasures
2021-03-31FireEyeDavid Via, Scott Runnels
@online{via:20210331:back:f31add1, author = {David Via and Scott Runnels}, title = {{Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service}}, date = {2021-03-31}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html}, language = {English}, urldate = {2021-04-06} } Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service
2021-03-04FireEyeLindsay Smith, Jonathan Leathery, Ben Read
@online{smith:20210304:new:53f1d8d, author = {Lindsay Smith and Jonathan Leathery and Ben Read}, title = {{New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452}}, date = {2021-03-04}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html}, language = {English}, urldate = {2021-03-06} } New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
UNC2452
2021-03-04FireEyeMatt Bromiley, Chris DiGiamo, Andrew Thompson, Robert Wallace
@online{bromiley:20210304:detection:3b8c16f, author = {Matt Bromiley and Chris DiGiamo and Andrew Thompson and Robert Wallace}, title = {{Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities}}, date = {2021-03-04}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html}, language = {English}, urldate = {2021-03-10} } Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
CHINACHOPPER HAFNIUM
2021-03-01FireEyeFireEye, Mandiant
@techreport{fireeye:20210301:accellion:46e70cd, author = {FireEye and Mandiant}, title = {{ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment}}, date = {2021-03-01}, institution = {FireEye}, url = {https://www.accellion.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf}, language = {English}, urldate = {2021-03-11} } ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment
DEWMODE
2021-02-25BrightTALK (FireEye)Andrew Rector, Matt Bromiley, Mandiant
@online{rector:20210225:light:005aa58, author = {Andrew Rector and Matt Bromiley and Mandiant}, title = {{Light in the Dark: Hunting for SUNBURST}}, date = {2021-02-25}, organization = {BrightTALK (FireEye)}, url = {https://www.brighttalk.com/webcast/7451/469525}, language = {English}, urldate = {2021-02-20} } Light in the Dark: Hunting for SUNBURST
SUNBURST
2021-02-25FireEyeBryce Abdo, Brendan McKeague, Van Ta
@online{abdo:20210225:so:88f3400, author = {Bryce Abdo and Brendan McKeague and Van Ta}, title = {{So Unchill: Melting UNC2198 ICEDID to Ransomware Operations}}, date = {2021-02-25}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html}, language = {English}, urldate = {2021-03-02} } So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC
2021-02-22FireEyeAndrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta, Kimberly Goody
@online{moore:20210222:cyber:a641e26, author = {Andrew Moore and Genevieve Stark and Isif Ibrahima and Van Ta and Kimberly Goody}, title = {{Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion}}, date = {2021-02-22}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html}, language = {English}, urldate = {2021-02-25} } Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
DEWMODE Clop
2021-02-16FireEyeMatt Bromiley, Andrew Rector, Robert Wallace
@online{bromiley:20210216:light:5541ad4, author = {Matt Bromiley and Andrew Rector and Robert Wallace}, title = {{Light in the Dark: Hunting for SUNBURST}}, date = {2021-02-16}, organization = {FireEye}, url = {https://www.fireeye.com/blog/products-and-services/2021/02/light-in-the-dark-hunting-for-sunburst.html}, language = {English}, urldate = {2021-02-20} } Light in the Dark: Hunting for SUNBURST
SUNBURST
2021-01-26FireEyeBernard Sapaden, Mohammed Mohsin Dalla, Rahul Mohandas, Sachin Shukla, Srini Seethapathy, Sujnani Ravindra
@online{sapaden:20210126:phishing:9b3dbb3, author = {Bernard Sapaden and Mohammed Mohsin Dalla and Rahul Mohandas and Sachin Shukla and Srini Seethapathy and Sujnani Ravindra}, title = {{Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication}}, date = {2021-01-26}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/01/phishing-campaign-woff-obfuscation-telegram-communications.html}, language = {English}, urldate = {2021-01-29} } Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication